public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

* [Bitcoin-development] one-show signatures (Re: The relationship between Proof-of-Publication and Anti-Replay Oracles)
@ 2014-12-21 18:10 Adam Back
  2014-12-21 18:51 ` Peter Todd
  0 siblings, 1 reply; 3+ messages in thread
From: Adam Back @ 2014-12-21 18:10 UTC (permalink / raw)
  To: Peter Todd; +Cc: Bitcoin Dev

Yes you could for example define a new rule that two signatures
(double-spend) authorises something - eg miners to take funds. (And
this would work with existing ECDSA addresses & unrestricted R-value
choices).

I wasnt really making a point other than an aside that it maybe is
sort-of possible to do with math what you said was not possible where
you said "This [preventing signing more than one message] is
impossible to implement with math alone".

Adam

On 21 December 2014 at 15:29, Peter Todd <pete@petertodd•org>
> There's no need to get into the specifics of crypto math so early; you
> can just as easily and only slightly less efficiently obtain the same
> result with a few extensions to the Bitcoin scripting system to verify
> ECDSA signatures directly.



^ permalink raw reply	[flat|nested] 3+ messages in thread

• * Re: [Bitcoin-development] one-show signatures (Re: The relationship between Proof-of-Publication and Anti-Replay Oracles)
    2014-12-21 18:10 [Bitcoin-development] one-show signatures (Re: The relationship between Proof-of-Publication and Anti-Replay Oracles) Adam Back
  @ 2014-12-21 18:51 ` Peter Todd
    2014-12-22  0:56   ` paul snow
    0 siblings, 1 reply; 3+ messages in thread
  From: Peter Todd @ 2014-12-21 18:51 UTC (permalink / raw)
    To: Adam Back; +Cc: Bitcoin Dev
  
  [-- Attachment #1: Type: text/plain, Size: 1028 bytes --]
  
  On Sun, Dec 21, 2014 at 06:10:47PM +0000, Adam Back wrote:
  > Yes you could for example define a new rule that two signatures
  > (double-spend) authorises something - eg miners to take funds. (And
  > this would work with existing ECDSA addresses & unrestricted R-value
  > choices).
  > 
  > I wasnt really making a point other than an aside that it maybe is
  > sort-of possible to do with math what you said was not possible where
  > you said "This [preventing signing more than one message] is
  > impossible to implement with math alone".
  
  Introducing a bunch of clever ECDSA math doesn't change the fact that
  the clever math isn't what is preventing double-spending, clever
  economics is. Just like Bitcoin itself.
  
  No sense getting people potentially confused by a bunch of complex
  equations that aren't relevant to the more fundemental and much more
  important principle that math alone can't prevent double-spending.
  
  -- 
  'peter'[:-1]@petertodd.org
  00000000000000001bc21486eb6e305efc085daa6b9acd37305feba64327342e
  
  [-- Attachment #2: Digital signature --]
  [-- Type: application/pgp-signature, Size: 650 bytes --]
  
  ^ permalink raw reply	[flat|nested] 3+ messages in thread

• • * Re: [Bitcoin-development] one-show signatures (Re: The relationship between Proof-of-Publication and Anti-Replay Oracles)
      2014-12-21 18:51 ` Peter Todd
    @ 2014-12-22  0:56   ` paul snow
      0 siblings, 0 replies; 3+ messages in thread
    From: paul snow @ 2014-12-22  0:56 UTC (permalink / raw)
      To: Peter Todd; +Cc: Bitcoin Dev
    
    [-- Attachment #1: Type: text/plain, Size: 1210 bytes --]
    
    On Sun, Dec 21, 2014 at 12:51 PM, Peter Todd <pete@petertodd•org> wrote:
    
    > On Sun, Dec 21, 2014 at 06:10:47PM +0000, Adam Back wrote:
    > > Yes you could for example define a new rule that two signatures
    > > (double-spend) authorises something - eg miners to take funds. (And
    > > this would work with existing ECDSA addresses & unrestricted R-value
    > > choices).
    > >
    > > I wasnt really making a point other than an aside that it maybe is
    > > sort-of possible to do with math what you said was not possible where
    > > you said "This [preventing signing more than one message] is
    > > impossible to implement with math alone".
    >
    > Introducing a bunch of clever ECDSA math doesn't change the fact that
    > the clever math isn't what is preventing double-spending, clever
    > economics is. Just like Bitcoin itself.
    >
    > No sense getting people potentially confused by a bunch of complex
    > equations that aren't relevant to the more fundemental and much more
    > important principle that math alone can't prevent double-spending.
    
    
    Math alone describes all of Bitcoin's structure; as math is a way to model
    reality, it has no limits. Saying Math can't prevent double-spending is
    near equivalent to saying it cannot be done.
    
    [-- Attachment #2: Type: text/html, Size: 1651 bytes --]
    
    ^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2014-12-22  0:57 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-12-21 18:10 [Bitcoin-development] one-show signatures (Re: The relationship between Proof-of-Publication and Anti-Replay Oracles) Adam Back
2014-12-21 18:51 ` Peter Todd
2014-12-22  0:56   ` paul snow

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox